• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.6
• /
• pp.1375-1386
• /
• 2016

This paper presents an efficient hash chain-based data authentication mechanism which can considerably reduce the overhead of processing and transmission for authenticating segments in CCN. The proposed method makes use of hash chain and MHT(Merkle Hash Tree). At first, it applies hash chain methods for data segments and encodes them to Data part. Then, it constitutes Meta part with the hash values generated at the previous step and properly applies both hash chain method and MHT-based signing for not only achieving efficiency, but also mitigating the drawback(data-loss, out-of-order transmission) of hash chain method. We have implemented our method in the CCNx library and measured the performance. When transmitting 100Mbyte of content, the proposed method generates only 2.596% of processing overhead and 1.803% of transmission overhead.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.05a
• /
• pp.794-796
• /
• 2016

Recently terrestrial mobile multimedia broadcasting(T-DMB) service is being provided throughout the country are expanding and demand is increasing day by day. T-DMB has the advantage of being cheaper in cost than installing another mobile multimedia broadcasting. However, there are a variety data of additional and provide it difficult for localized emergency alert broadcasting services. In this paper, a method to solve this problem feature was designed to restrict incoming unidirectional / bidirectional authentication via T-DMB system. In the mobile device is received by the T-DMB broadcasting service authentication mechanism for re-transmission to the mobile device, and T-DMB receiving other registered users can view it impossible to receive the broadcast. Through the proposed system it is considered to be able to solve the problems of the existing T-DMB technology.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.34 no.2B
• /
• pp.188-202
• /
• 2009

In the modern world, where the number of people moving from country to country is sharply increasing, domestic and international driver's licenses are easily fabricated or forged, and distinguishing if a driver's license is legitimate or not is often a difficult task. Furthermore, this would require different countries to mutually share and administer the driving records of individuals, making it a much more complex task (Added to it is the complicated matter of countries having to mutually share and administer the driving records of individuals.) However, the authenticity and security of a driver's license has become the first priority since driver's licenses are also used as identification cards in most countries, thus requiring measures to prevent inappropriate uses arising from theft and embezzlement. In this paper, we propose the mutual authentication mechanism which, can provide enhanced security and efficient operation that is administration of personal information contained within ISO Compliant Driving licence(IDL).

• The KIPS Transactions:PartC
• /
• v.19C no.1
• /
• pp.19-28
• /
• 2012

Wireless sensor network provides services anytime and anywhere they are requested. Especially, medical sensor network based on biosensors is applied a lot to biotechnology and medical engineering. In medical sensor network, people can make their health checked at home free from temporal and spatial constraints. In ubiquitous healthcare environment, people can get instant help even in the emergency, and in hospital, patients can be taken care of efficiently. In this environment, health and life related data are delivered, and the privacy and security of personal data are very important. In this paper, we propose user authentication and data communication mechanism in two modes, normal and urgent situation using cellular phone. Through our proposal, data can be transferred in quick and secure manner.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.1
• /
• pp.282-304
• /
• 2014

Each cloud service has numerous owners and tenants, so it is necessary to construct a privacy preserving identity management and access control mechanism for cloud computing. On one hand, cloud service providers (CSP) depend on tenant's identity information to enforce appropriate access control so that cloud resources are only accessed by the authorized tenants who are willing to pay. On the other hand, tenants wish to protect their personalized service access patterns, identity privacy information and accessing newfangled cloud services by on-demand ways within the scope of their permissions. There are many identity authentication and access control schemes to address these challenges to some degree, however, there are still some limitations. In this paper, we propose a new comprehensive approach, called Privacy pReserving Identity and Access Management scheme, referred to as PRIAM, which is able to satisfy all the desirable security requirements in cloud computing. The main contributions of the proposed PRIAM scheme are threefold. First, it leverages blind signature and hash chain to protect tenant's identity privacy and implement secure mutual authentication. Second, it employs the service-level agreements to provide flexible and on-demand access control for both tenants and cloud services. Third, it makes use of the BAN logic to formally verify the correctness of the proposed protocols. As a result, our proposed PRIAM scheme is suitable to cloud computing thanks to its simplicity, correctness, low overhead, and efficiency.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.5
• /
• pp.87-98
• /
• 2007

AAA protocol is an information protection technology which systematically provides authentication, authorization and accounting function not only in the existing wire network but also in the rapidly developing wireless network, various services and protocol. Nowadays, standardization of the various application services is in progress with the purpose of AAA standardization fer the mobile user in the wireless network. And various researches are being conducted fur using AAA in the roaming service and mobile IPv6 network between heterogeneous networks. In this paper uses OTP and ID-based ticket for user authentication in the mobile device under the ubiquitous environment, and service is seamlessly provided even though the mobile device moves from the home network to the foreign network. In addition, with the ticket renewed from the foreign network, the overhead of the home authentication server can be reduced, and provides anonymity of service through the anonymity ID.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.16 no.6
• /
• pp.25-35
• /
• 2006

Radio Frequency identification (RFID) will become an important technology in remotely object identification systems. However, the use of RFID tags may create new threats to the sniな and Privacy of individuals holding RFID tags. These threats bring several problems which are information leakage of a tag, location trace of individuals and impersonation of a tag. Low-cost RFID systems have much restrictions such as the limited computing power, passive power mechanism and low storage space. Therefore, the cost of tag's computation should be considered as an important factor in low-cost RFID systems. We propose an authentication protocol, OHLCAP which requires only one one-way hash function operation and hence is very efficient. Furthermore, our protocol is suitable to distribution database environment. Hence our scheme can be applied to ubiquitous computing environment.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.7
• /
• pp.181-188
• /
• 2008

Nowadays, WiMAX which provides internet service with a middle and low speed serves more function and is wider than Wi-Fi. While they solve the security risks as subscribers do handover by subscriber's re-certification procedure as the Network range is getting wider, there are more security problems making the problems of electric-power consumption and delay. This paper suggests a handover mechanism which simplify the subscriber's re-certification procedure and prevents a security problem as doing handover for solving the problem of delay and the rate of processing. The mechanism can cooperate with PKI structure to increase flexibility and security and minimize network re-entry procedure or re-certification procedure by providing continual service. As a result. the mechanism's throughput as the number of subscribers is lower than IEEE 802.16e and the mechanism proves that it is secure from the attack of man-in-the-middle and reply as doing handover.

• Journal of the Korean Society for information Management
• /
• v.19 no.1
• /
• pp.23-46
• /
• 2002

With explosively increasing digital contents, library and Information center should have a new role between knowledge providers and knowledge users as information brokering organization. Electronic transaction system should be required for performing this brokering service since economic value is added to information and knowledge in information society. The developments and changes around library are keeping up with increasing building digital library and digitalizing printed sources. With the rapidly changing circumstances, the Internet is currently witnessing an explosive growth. By serving as a virtual information resource. the Internet can dramatically change the way business is conducted and Information is provided. However because of features o( the Internet like openness and information sharing, it has fundamental vulnerabilities in security issues. For Instance, disclosure of private information and line eavesdropping such as password, banking account, transaction data on network and so on are primary obstruction factors to activation of digital contents delivery on network. For high network security and authentication, this paper looks at smart card technologies and proposes multi-authentication protocol based on smart card on open network, implements and analyzes it.

• Journal of Internet Computing and Services
• /
• v.9 no.4
• /
• pp.85-96
• /
• 2008

An authentication procedure on wired and wireless network will be done based on the registration and management process storing both the user's IP address and client device's MAC address information. However, existent MAC address registration/administration mechanisms were weak in MAC Spoofing attack as the attacker can change his/her own MAC address to client's MAC address. Therefore, an advanced mechanism should be proposed to protect the MAC address spoofing attack. But, existing techniques sequentially compare a sequence number on packet with previous one to distinguish the alteration and modification of MAC address. However, they are not sufficient to actively detect and protect the wireless MAC spoofing attack. In this paper, both AirSensor and AP are used in wireless network for collecting the MAC address on wireless packets. And then proposed module is used for detecting and protecting MAC spoofing attack in real time based on MAC Address Lookup table. The proposed mechanism provides enhanced detection/protection performance and it also provides a real time correspondence mechanism on wireless MAC spoofing attack with minimum delay.